Access with SSH/rsync/BorgBackup

Last change on 2023-07-03 • Created on 2020-05-18 • ID: RO-F6D36

SSH / rsync / BorgBackup

The Storage Box provides an extended SSH service on port 23. With this service, you can use rsync, BorgBackup, and some additional command line tools.

To create an SSH connection on your Storage Box, first activate the SSH support setting for your Storage Box via the Robot administration interface. After that, you can access it via command line:

ssh -p23 uXXXXX@uXXXXX.your-storagebox.de

It is possible to get interactive SSH access, but this access is limited. It is not possible to have interactive access via port 22, but it is possible via port 23. There is no full shell. For example, it is not possible to use pipes or redirects. It is also not possible to execute uploaded scripts.

But you can directly execute commands via SSH like this:

ssh -p23 uXXXXX@uXXXXX.your-storagebox.de mkdir new_directory

If you use a sub-account, then please use the username of the sub-account for the SSH connection.

For SSH key authentication, you need to save a public SSH key in normal OpenSSH format on your Storage Box. Do not save the key in RFC4716 format. For a more detailed guide, please see Storage Box SSH Keys.

Only the directory /home/ is writable on the Storage Box. To address directories or files on the Storage Box, we therefore recommend that you use relative paths. For example, to download the file /server1/full_backup.tar.gz from the Storage Box, you can use the following file paths:

server1/full_backup.tar.gz
./server1/full_backup.tar.gz

BorgBackup

With BorgBackup, you can save encrypted and duplicate backups of your Storage Box. You can find a guide for how to do this at BorgBackup.

Storage Boxes use Borg 1.2 as the default version. If you want to use an older version, you can do so by specifying the additional argument --remote-path=<borg-version>. Generally we recommend that you omit this parameter so that you always use the newest version. For example:

borg init --encryption=repokey --remote-path=borg-X.X ssh://uXXXXX@uXXXXX.your-storagebox.de:23/./borg-repository

Append-only mode

It is possible to use Borg in an append only mode. This mode only allows the creation of new archives, but denies the deletion of old archives. You can find instructions for the configuration on the official BorgBackup documentation.

Note: A restricted client can still execute archive deletions. The archives will not directly be deleted, but will instead be marked as deleted. To delete the archives, you must execute a deletion or execute a write operation from an unrestricted client. To restore an archive which is marked as deleted, please follow the BorgBackup documentation.

rsync

You can use rsync to upload the current state of your file directories to your Storage Box. For example, to upload a local directory to the Storage Box, you can use rsync as follows:

rsync --progress -e 'ssh -p23' --recursive <local_directory> <username>@<username>.your-storagebox.de:<target_directory>

To re-download a directory from the Storage Box, you only need to swap the directories:

rsync --progress -e 'ssh -p23' --recursive <username>@<username>.your-storagebox.de:<remote_directory> <local_directory>

To also remove files which you have already deleted from the source system from the destination, add the --delete parameter. Otherwise deleted files will remain on the target system, and only changes or new files will be transferred. For example:

rsync --progress --delete -e 'ssh -p23' --recursive <local_directory> <username>@<username>.your-storagebox.de:<target_directory>

It is not possible to customize the user and group ID of the uploaded files. We also do not recommend backing up your whole server like this. For such tasks, we recommend a backup tool like BorgBackup.

SCP

You can also use SCP via port 23. To upload a file via SCP, you can execute the following command:

scp -P 23 <local_file> <username>@<username>.your-storagebox.de:<remote_file>

To download the file again, you only have to swap the target and source files:

scp -P 23 <username>@<username>.your-storagebox.de:<remote_file> <local_file>

SFTP

Accessing your Storage Box via SFTP is similar to accessing it with an FTP client. To start an SFTP session, please execute the following command:

sftp -P 23 <username>@<username>.your-storagebox.de

You can then upload files using put and download them using get. With ls, you get a directory listing:

sftp> put 100MB.file
Uploading 100MB.file to /home/100MB.file
100MB.file                           100%  100MB  78.7MB/s   00:01
sftp> ls -ahl
drwxr-xr-x    0 12345      12345     16B  Mar 28 10:55 .
dr-x--x--x    0 0          0         10B  Mar 27 12:16 ..
-rw-r--r--    0 12345      12345     100M Mar 28 11:34 100MB.file
sftp> get 100MB.file
Fetching /home/100MB.file to 100MB.file
/home/100MB.file                     100%  100MB 110.6MB/s   00:00
sftp> quit

dd

You can use dd to up- or download data directly to/from the Storage Box. For example, you can execute the following to create an archive file using Linux and to upload it directly to the Storage Box:

tar -cz <Source-Directory> | ssh -p23 uXXXXX@uXXXXX.your-storagebox.de "dd of=archive.tar.gz bs=4M"

To download this archive again and extract it, execute this:

ssh -p23 uXXXXX@uXXXXX.your-storagebox.de "dd if=archive.tar.gz bs=4M" | tar -xz -C <Target-Directory>

Rclone

You can use the SFTP backend in Rclone to access the Storage Box. To configure Rclone, run the command rclone config and follow the assistant.

Or you can also manually configure it. A minimal configuration (default path ~/.config/rclone/rclone.conf) looks like this:

[storagebox]
type = sftp
host = uXXXXX.your-storagebox.de
user = uXXXXX
port = 23
pass = <obscured-password>

To obscure the password, execute the command rclone obscure <clear-text-password>.

Instead of the password in the pass variable, you can also specify an SSH key with the configuration variable key_file = <path-to-private-key>.

You can then access the Storage Box with:

rclone ls storagebox:

Note: If you receive md5 checksum errors while you upload larger directories, you probably have reached the connection limit for your account (max. 10 simultaneous connections). To avoid this behaviour, you can add the flag --checkers=<count lower 8> for sftp connections or --ftp-concurrency=10 for ftp connections to your command.

Please check the Rclone documentation for more details.

Restic

Restic is natively supported with the SFTP backend. As another option, we support the restic backend, which is provided by Rclone over SSH.

Cpanel and JetBackup

You can find a guide for the configuration here.

SSH host keys

In order to ensure the authenticity of the connection, you can compare the host keys of the Storage Box with the keys below.

SHA256:XqONwb1S0zuj5A1CDxpOSuD2hnAArV1A3wKY7Z3sdgM (ED25519)
SHA256:EMlfI8GsRIfpVkoW1H2u0zYVpFGKkIMKHFZIRkf2ioI (RSA)
SHA256:RWkLouD9tfTwdboJOzjiWo5njZI59Hcta82ttAWxDA0 (DSA)
SHA256:oDHZqKXnoMtgvPBjjC57pcuFez28roaEuFcfwyg8O5c (ECDSA)

Available commands

You can use the following commands on the Storage Box:

ls
stat
cd
pwd
mkdir
rmdir
touch
du
df
dd
cp
rm
unlink
mv
chmod
cat
tail
head
grep
md5
sha1
sha256
sha512
md5sum
sha1sum
sha256sum
sha512sum
Table of Contents